Splunk Search

Community Activity

Extract the second word with the events All, I'm able to extract the second word but now the requirement is little different. _time _raw Shivera 346.789.6... by prettysunshinez Explorer in Splunk Search 12-23-2019 0 2	0	2
Convert Time Format Hi , In splunk query i need to convert time format as below . Current format - 08:09.23 AM, Fri 06/10/2016 Require... by SoknySplunk Loves-to-Learn Lots in Splunk Search 12-23-2019 0 1	0	1
How to configure a search for metadata I have a number of Jenkins jobs for which I would like to create a dashboard with search (pull downs, form fills). Th... by jtpryan New Member in Splunk Search 12-22-2019 0 1	0	1
Splunk Query to get time taken by each application in a transaction Hi All, I am new to splunk. I got a transaction which is flowing through multiple applications. I got a requirement ... by jyothishtj New Member in Splunk Search 12-22-2019 0 7	0	7
Search the strings that are not available in lookup file All, I have a question on how to perform a search with the strings that are not available in lookup file.. I have a... by prettysunshinez Explorer in Splunk Search 12-22-2019 0 1	0	1
Regex / Transforms issue. Hi Regexian Splunkers, I have an event that looks like so: 2020-02-20 20:22:02.202020 test:>"value" test1:>"value... by darrenfuller Contributor in Splunk Search 12-22-2019 0 1	0	1
How to add 30 day average into Splunk license usage search? I am using the Splunk 30 day usage search and would like to add the 30 day average into the search and then as on ove... by jwalzerpitt Influencer in Splunk Search 12-21-2019 0 1	0	1
How do I get my transaction search to use the first start event as the starting point? Hi, i have log file and i am using startswith Starting Dispatcher and endswith completed. but some times in the log t... by jaihind_nalla New Member in Splunk Search 12-21-2019 0 2	0	2
splunk syntax search a subnet All, I want search a subnet over all indexes and sourcetypes. The subnet is 5.5.0.0/16 How would the query look so I... by trojan_81 Path Finder in Splunk Search 12-21-2019 0 5	0	5
[subsearch]: Subsearch produced 1313901 results, truncating to maxout 50000 I am getting subsearch error while using the join command in my search. I have to use join command to connect 2 sourc... by pgadhari Builder in Splunk Search 12-21-2019 0 9	0	9
Subsearch Help I have the following search: index="" sourcetype=endpoints [search index="" signature="sig_id" \| dedup dest \| fiel... by richardphung Communicator in Splunk Search 12-21-2019 0 6	0	6
"Could not load lookup" error on Indexers We upgraded our indexers from 6.6.4 to 7.3.3 and now any search gives us: [sptsp005] Could not load lookup=LOOKUP-si... by infosecnav Engager in Splunk Search 12-21-2019 1 1	1	1
How can I create a time chart grouping the data per 5 minutes, but showing every minute? Example: _time---value---group 00:01------2---------2 00:02------3---------5 00:03------4---------9 00:04------2----... by ocnarb New Member in Splunk Search 12-20-2019 0 4	0	4
Trim braces from a token variable-Dynamic dashboards Im creating link to different dashboards based on the application clicked on from the main form So i have a variab... by rczone Path Finder in Splunk Search 12-20-2019 1 1	1	1
Splunk CLI and UI give different search results I index manually through UI the log file i wish to index (Data Inputs > Add new > Index Once) and select all the conf... by psychogyiokosta New Member in Splunk Search 12-20-2019 0 7	0	7
Search for Suspicious Logon Behavior Hello there. I want to build a query that alerts off when a single source IP or source computer is attempting to logo... by johann2017 Explorer in Splunk Search 12-20-2019 0 6	0	6
how can I use dedup command using many fields?? Greetings!! I would like to ask a question about dedup eg: \|dedup host ,IP \|dedup host \|dedup IP I've tried ... by pacifikn Communicator in Splunk Search 12-20-2019 0 5	0	5
Eval Epoch Duration Time into Human Readable Format I am using the following query to show the duration of a accounts logon and logoff. The results come back in epoch ti... by migullmills Explorer in Splunk Search 12-20-2019 1 2	1	2
How to store a value in one search and give it to other search i need to store a numerical value in Energ1 and store a string value in energy1 and use them in the last search ... by raghav4a1 New Member in Splunk Search 12-20-2019 0 1	0	1
Want to understand below condition in Query Can anyone help me to understand below condition where _time>=if("$field1.earliest$"=="0",1,relative_time(now(),"$f... by nilbak1 Communicator in Splunk Search 12-20-2019 0 1	0	1
makecontinuous and fillnull for selfmade date-hour column Hi, I'm trying to fill empty hours (without events) using makecontinuous. The time column created in the query/ \| t... by egur New Member in Splunk Search 12-19-2019 0 2	0	2
How can I extend the width of my drop down box in my dashboard? I'd like to extend the width of my drop down box in my dashboard because the source names are quite long and i'd like... by MichaelPriest Communicator in Splunk Search 12-19-2019 2 9	2	9
Extract multiple values when field is in the same log twice Hi all, I am working with a log that can sometimes have the same field in one log entry more than one time, but with... by bcarr12 Path Finder in Splunk Search 12-19-2019 0 5	0	5
How to concatenate a variable number of fields? I had the next events examples: 2019-09-16T13:27:10.169107+02:00 koopa.browser.local node= koopa.browser.local type... by rafadvega Path Finder in Splunk Search 12-19-2019 1 3	1	3
eval showing in btool props but does not appear in search Okay I'm pulling my hair out here. I'm playing around with Windows Defender Events, trying to capture them and get th... by bmorgenthaler Path Finder in Splunk Search 12-19-2019 0 4	0	4